Classifying Malware Using Deep Learning


Wrapping up 2017, it is safe to say there has been a massive increase in cybersecurity disasters. With that in mind, and due to the lack of expertise, it seems (and rightfully so) that more and more organizations are concerned about the state of their infrastructure’s security.

This concern leads many organizations and businesses to use third-party threat intelligence solutions – ones that are not typically performed in real time, require human involvement and are quite costly.

Furthermore, for the organization to fully understand the impending threat they are dealing with, SOC (Security Operation Center) and IR (Incident Response) teams need to measure the severity of the threat, which will require time, resources and money.

But in the cybersecurity industry, where there is an ongoing need to respond to cyberattacks in real-time with minimal human interaction, the need for an autonomous solution is on the rise. The best way to eliminate human interaction is simply by using deep learning, a branch of artificial intelligence.

As deep learning is inspired by the human brain’s ability to learn, its ability to identify an object becomes instinctive. Similarly, bringing this approach to cybersecurity results in a new form of cyber intelligence – giving the brain the ability to recognize malware and categorize it according to its malware family: ransomware, backdoor, dropper, spyware, virus, worm and PUA (Potentially Unwanted Application).

Why is it important to classify zero-day malware files in real time?

By classifying types of malware in real time, security teams have immediate visibility into and knowledge of the malware that hit the organization. This gives them fast insight into the attack and a better understanding of the impact it had.

Due to this, SOC and IR teams have a full understanding of what exactly they are dealing with, allowing them to respond in the quickest way possible with minimal damage and providing them with a more automatic and actionable policy.

In this new whitepaper, we explain how the Deep Classification model works, and how we’ve integrated the malware classification feature into Deep Instinct’s latest release, version 2.1.